Project Name: Project 4 - DroidBOT
Mentor: Hugo González (MX)
Backup mentor: Hanno Lemoine (DE)
Skills required: Python, Android Development
Project type: Improve existing tool
Project goal: Improve DroidBOT from last GSoC in order to get better test coverage in dynamic Android analysis systems.
A lot of Android malware relies on social engineering to infect devices. Since user interaction is required for installation, a large amount of Android malware verifies that a real user is present (e.g. by waiting for a button click) before starting its malicious actions. Similarly, some malware requires specific stimuli to verify that it is running on a real phone (e.g. changing GPS coordinates). Other malware checks whether it is running in an analysis environment by checking whether there are at least 15 contacts on the phone.
Last year DroidBOT was built in GSoC [1,2]. It already has a lot of functionality and tests, but there are also some limitations and missing features.
The goal of this project is to provide the most realistic-looking environment for malware in order to trigger all of the malicious actions.
One subgoal is to populate existing images dynamically so that each analysis looks like a different phone (e.g. different contacts in the address book). In addition, certain stimuli should be created so that they trigger the required actions in the malicious app. Last but not least, the project includes adding a fake user that behaves as much like a human as possible.
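A sketch of the address-book subgoal, as an added example that is not DroidBOT code: it derives a different, reproducible contact list for each analysis from a per-analysis seed and renders it as vCard 3.0 text for import into the analysis image. The function names, name pools, `+1555` number prefix and size bounds are assumptions made for illustration.

```python
import random

# Constructed name pools (assumption); a real setup would use larger, locale-aware lists.
FIRST = ["Ana", "Luis", "Marta", "Jonas", "Priya", "Chen",
         "Omar", "Sofia", "Lena", "David", "Emeka", "Yuki"]
LAST = ["Garcia", "Weber", "Nguyen", "Okafor", "Rossi", "Tanaka",
        "Silva", "Novak", "Haddad", "Jensen", "Kumar", "Lopez"]

MIN_CONTACTS = 15  # contact count the text says some malware checks for


def make_contacts(seed, low=MIN_CONTACTS + 5, high=80):
    """Return a list of (first, last, number) tuples derived only from `seed`.

    The same analysis seed always yields the same phone profile, so a run can
    be reproduced, while different seeds give different address books.
    """
    rng = random.Random(seed)
    count = rng.randint(low, high)   # vary the size so images differ in more than names
    book = {}                        # dict keeps insertion order and unique names
    while len(book) < count:
        name = (rng.choice(FIRST), rng.choice(LAST))
        if name not in book:
            digits = "".join(rng.choice("0123456789") for _ in range(7))
            book[name] = "+1555" + digits   # constructed, non-routable style number
    return [(first, last, number) for (first, last), number in book.items()]


def to_vcf(contacts):
    """Render contacts as vCard 3.0 text (CRLF line endings)."""
    cards = []
    for first, last, number in contacts:
        cards.append("\r\n".join([
            "BEGIN:VCARD",
            "VERSION:3.0",
            f"N:{last};{first};;;",
            f"FN:{first} {last}",
            f"TEL;TYPE=CELL:{number}",
            "END:VCARD",
        ]))
    return "\r\n".join(cards) + "\r\n"


if __name__ == "__main__":
    contacts = make_contacts("analysis-0001")   # hypothetical analysis id used as seed
    print(len(contacts), "contacts")
    print(to_vcf(contacts[:2]))
```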